cerbos · charithe · Mar 7, 2024 · Mar 7, 2024
diff --git a/docs/modules/ROOT/pages/index.adoc b/docs/modules/ROOT/pages/index.adoc
@@ -2,6 +2,9 @@ include::partial$attributes.adoc[]
 
 = Painless access control for your software
 
+include::partial$version-check.adoc[]
+
+
 Cerbos helps you super-charge your authorization implementation by writing context-aware access control policies for your application resources. Author access rules using an intuitive YAML configuration language, use your Git-ops infrastructure to test and deploy them and, make simple API requests to the Cerbos PDP to evaluate the policies and make dynamic access decisions.
 
 
@@ -34,4 +37,4 @@ Cerbos is designed to be deployed as a service rather than a library compiled in
 
 The Cerbos approach is a proven, modern, cloud native pattern for delivering language-agnostic infrastructure services. link:https://dapr.io[Microsoft Dapr], link:https://istio.io[Istio] and link:https://linkerd.io[Linkerd] are good examples of popular products utilising similar language-agnostic service APIs to augment applications.
 
-Because Cerbos is in the critical request path and expected to handle large volumes of requests, we are obsessive about making Cerbos as fast and as efficient as possible with every release. Cerbos exposes an efficient, low latency gRPC API and is designed to be stateless and lightweight so that it can be deployed as a sidecar right next to  your application. It can even be accessed over Unix domain sockets for extra security and reduced overhead.   
+Because Cerbos is in the critical request path and expected to handle large volumes of requests, we are obsessive about making Cerbos as fast and as efficient as possible with every release. Cerbos exposes an efficient, low latency gRPC API and is designed to be stateless and lightweight so that it can be deployed as a sidecar right next to  your application. It can even be accessed over Unix domain sockets for extra security and reduced overhead.   
diff --git a/docs/modules/ROOT/pages/installation/binary.adoc b/docs/modules/ROOT/pages/installation/binary.adoc
@@ -2,6 +2,9 @@ include::partial$attributes.adoc[]
 
 = Install from binary
 
+include::partial$version-check.adoc[]
+
+
 Cerbos binaries are available for multiple operating systems and architectures. See the link:{app-github-releases-page}[releases page] for all available downloads.
 
 [caption=]

diff --git a/docs/modules/ROOT/pages/installation/container.adoc b/docs/modules/ROOT/pages/installation/container.adoc
@@ -2,6 +2,9 @@ include::partial$attributes.adoc[]
 
 = Run from container
 
+include::partial$version-check.adoc[]
+
+
 [source,sh,subs="attributes"]
 ----
 docker run --rm --name cerbos -p 3592:3592 {app-docker-img}

diff --git a/docs/modules/ROOT/pages/installation/helm.adoc b/docs/modules/ROOT/pages/installation/helm.adoc
@@ -2,6 +2,9 @@ include::partial$attributes.adoc[]
 
 = Install from Helm chart
 
+include::partial$version-check.adoc[]
+
+
 Add the Cerbos Helm repository:
 
 [source,sh,subs="attributes,macros"]

diff --git a/docs/modules/ROOT/pages/quickstart.adoc b/docs/modules/ROOT/pages/quickstart.adoc
@@ -2,6 +2,9 @@ include::partial$attributes.adoc[]
 
 = Quickstart
 
+include::partial$version-check.adoc[]
+
+
 
 Create a directory to store the policies.
 

diff --git a/docs/modules/ROOT/pages/tutorial/00_intro.adoc b/docs/modules/ROOT/pages/tutorial/00_intro.adoc
@@ -1,6 +1,9 @@
 include::partial$attributes.adoc[]
 
 = Tutorial
+
+include::partial$version-check.adoc[]
+
 :page-aliases: ROOT:usage.adoc
 
 == Cerbforce

diff --git a/docs/modules/ROOT/pages/tutorial/01_running-locally.adoc b/docs/modules/ROOT/pages/tutorial/01_running-locally.adoc
@@ -2,6 +2,9 @@ include::partial$attributes.adoc[]
 
 = Running locally
 
+include::partial$version-check.adoc[]
+
+
 As the developers of Cerbforce began their investigation of the system, the first step was getting a Cerbos instance up and running locally.
 
 == Container

diff --git a/docs/modules/ROOT/pages/tutorial/02_resource-definition.adoc b/docs/modules/ROOT/pages/tutorial/02_resource-definition.adoc
@@ -2,6 +2,9 @@ include::partial$attributes.adoc[]
 
 = Policy authoring
 
+include::partial$version-check.adoc[]
+
+
 NOTE: The policies for this section can be found link:{tutorial-base}/03-resource-definition/cerbos[on GitHub].
 
 == Authentication roles

diff --git a/docs/modules/ROOT/pages/tutorial/03_calling-cerbos.adoc b/docs/modules/ROOT/pages/tutorial/03_calling-cerbos.adoc
@@ -2,6 +2,9 @@ include::partial$attributes.adoc[]
 
 = Calling Cerbos
 
+include::partial$version-check.adoc[]
+
+
 NOTE: The policies for this section can be found link:{tutorial-base}/04-calling-cerbos/cerbos[on GitHub].
 
 Now that you know the policies are valid, it is time to make your first call to Cerbos to make an authorization check.

diff --git a/docs/modules/ROOT/pages/tutorial/04_testing-policies.adoc b/docs/modules/ROOT/pages/tutorial/04_testing-policies.adoc
@@ -2,6 +2,9 @@ include::partial$attributes.adoc[]
 
 = Testing policies
 
+include::partial$version-check.adoc[]
+
+
 NOTE: The policies for this section can be found link:{tutorial-base}/05-testing-policies/cerbos[on GitHub].
 
 Cerbos allows you to write xref:policies:compile.adoc[tests for policies] and run them as part of the compilation stage to make sure that the policies do exactly what you expect. This saves the manual effort of running example requests over and over to ensure the policy logic is as you expect.

diff --git a/docs/modules/ROOT/pages/tutorial/05_adding-conditions.adoc b/docs/modules/ROOT/pages/tutorial/05_adding-conditions.adoc
@@ -2,6 +2,9 @@ include::partial$attributes.adoc[]
 
 = Adding conditions
 
+include::partial$version-check.adoc[]
+
+
 NOTE: The policies for this section can be found link:{tutorial-base}/06-adding-conditions/cerbos[on GitHub].
 
 In the previous section, an RBAC policy was created that allowed anyone with a `user` role to update a user resource - this isn't what is intended as it would allow users to update other users' profiles.

diff --git a/docs/modules/ROOT/pages/tutorial/06_derived-roles.adoc b/docs/modules/ROOT/pages/tutorial/06_derived-roles.adoc
@@ -2,6 +2,9 @@ include::partial$attributes.adoc[]
 
 = Derived roles
 
+include::partial$version-check.adoc[]
+
+
 NOTE: The policies for this section can be found link:{tutorial-base}/07-derived-roles/cerbos[on GitHub].
 
 The business requirements for Cerbforce state that only an owner of Contacts and Companies are allowed to delete them from the system. With Cerbos, the aim is to keep policies as simple as possible and not repeat logic across different resources, so in this situation, a xref:policies:derived_roles.adoc[Derived Role] can enable help.

diff --git a/docs/modules/ROOT/pages/tutorial/07_principal-policies.adoc b/docs/modules/ROOT/pages/tutorial/07_principal-policies.adoc
@@ -2,6 +2,9 @@ include::partial$attributes.adoc[]
 
 = Principal policies
 
+include::partial$version-check.adoc[]
+
+
 NOTE: The policies for this section can be found link:{tutorial-base}/08-principal-policies/cerbos[on GitHub].
 
 The final type of policy that Cerbos supports is a xref:policies:principal_policies.adoc[principal policy] which is a special type that allows user-specific overrides to be defined.

diff --git a/docs/modules/ROOT/pages/tutorial/08_attribute-schema.adoc b/docs/modules/ROOT/pages/tutorial/08_attribute-schema.adoc
@@ -2,6 +2,9 @@ include::partial$attributes.adoc[]
 
 = Attribute schema
 
+include::partial$version-check.adoc[]
+
+
 NOTE: The policies for this section can be found link:{tutorial-base}/09-attribute-schema/cerbos[on GitHub].
 
 An additional check bit of business logic has been introduced for the `contact` resource which requires the `active` attribute of a contact to be set to `True` to be able to `update` or `delete` it. This is so that old contacts are kept for reporting purposes and can't be accidentally deleted or updated.

diff --git a/docs/modules/ROOT/pages/tutorial/09_integrating-cerbos.adoc b/docs/modules/ROOT/pages/tutorial/09_integrating-cerbos.adoc
@@ -2,6 +2,9 @@ include::partial$attributes.adoc[]
 
 = Integrating Cerbos
 
+include::partial$version-check.adoc[]
+
+
 With the policies now defined the authorization logic inside the app can be replaced with a call out to a running Cerbos instance.
 
 Cerbos has SDKs available for Go, Java, .NET, Node, PHP, Python, Ruby, and Rust. Documentation for these and other examples can be found xref:api:index.adoc[here].
diff --git a/docs/modules/ROOT/pages/what-is-cerbos.adoc b/docs/modules/ROOT/pages/what-is-cerbos.adoc
@@ -2,6 +2,9 @@ include::partial$attributes.adoc[]
 
 = What is Cerbos?
 
+include::partial$version-check.adoc[]
+
+
 == Authorization-as-a-Service
 
 One of the key tenants that allows many successful systems to scale is the adoption of a microservices architecture where each component can be scaled to meet the exact demands of the system. 

diff --git a/docs/modules/ROOT/partials/attributes.adoc b/docs/modules/ROOT/partials/attributes.adoc
@@ -12,13 +12,3 @@
 :cerbosctl-docker-img: {app-container-registry}/cerbos/cerbosctl:{app-version}
 :tutorial-base: {app-github-url}/tree/main/docs/modules/ROOT/examples/tutorial
 
-ifndef::page-component-version-is-latest[]
-NOTE: This documentation is for
-ifeval::["{page-component-version}" > "{page-component-latest-version}"]
-an as-yet unreleased
-endif::[]
-ifeval::["{page-component-version}" < "{page-component-latest-version}"]
-a previous
-endif::[]
-version of Cerbos. Choose {page-component-latest-version} from the version picker at the top right or navigate to https://docs.cerbos.dev for the latest version.
-endif::page-component-version-is-latest[]
diff --git a/docs/modules/ROOT/partials/version-check.adoc b/docs/modules/ROOT/partials/version-check.adoc
@@ -0,0 +1,10 @@
+ifndef::page-component-version-is-latest[]
+NOTE: This documentation is for
+ifeval::["{page-component-version}" > "{page-component-latest-version}"]
+an as-yet unreleased
+endif::[]
+ifeval::["{page-component-version}" < "{page-component-latest-version}"]
+a previous
+endif::[]
+version of Cerbos. Choose {page-component-latest-version} from the version picker at the top right or navigate to https://docs.cerbos.dev for the latest version.
+endif::page-component-version-is-latest[]
diff --git a/docs/modules/api/pages/admin_api.adoc b/docs/modules/api/pages/admin_api.adoc
@@ -2,6 +2,9 @@ include::ROOT:partial$attributes.adoc[]
 
 = The Cerbos Admin API
 
+include::ROOT:partial$version-check.adoc[]
+
+
 The Admin API is an optional component of the Cerbos PDP that must be enabled by setting the `server.adminAPI.enabled` to `true` in the configuration. (See xref:configuration:server.adoc#admin-api[Admin API configuration] for details).
 
 Authentication is mandatory for the Admin API. Currently only basic authentication with a single admin user is supported. If no credentials are configured using the xref:configuration:server.adoc#admin-api[configuration], the default username and password is `cerbos` and `cerbosAdmin`.

diff --git a/docs/modules/api/pages/index.adoc b/docs/modules/api/pages/index.adoc
@@ -2,6 +2,9 @@ include::ROOT:partial$attributes.adoc[]
 
 = The Cerbos API
 
+include::ROOT:partial$version-check.adoc[]
+
+
 The main API endpoint for making policy decisions is the `/api/check/resources` REST endpoint (`cerbos.svc.v1.CerbosService/CheckResources` RPC in the gRPC API). You can view the latest API documentation from a running Cerbos instance by accessing the root directory of the HTTP endpoint using a browser.
 
 [source,sh,subs="attributes"]

diff --git a/docs/modules/cli/pages/cerbos.adoc b/docs/modules/cli/pages/cerbos.adoc
@@ -1,6 +1,9 @@
 include::ROOT:partial$attributes.adoc[]
 
 = `cerbos`
+
+include::ROOT:partial$version-check.adoc[]
+
 :page-aliases: compile.adoc, server.adoc
 
 See xref:ROOT:installation/binary.adoc[] or xref:ROOT:installation/container.adoc[] for instructions on how to install the `cerbos` binary.

diff --git a/docs/modules/cli/pages/cerbosctl.adoc b/docs/modules/cli/pages/cerbosctl.adoc
@@ -1,6 +1,9 @@
 include::ROOT:partial$attributes.adoc[]
 
 = `cerbosctl`
+
+include::ROOT:partial$version-check.adoc[]
+
 :page-aliases: ctl.adoc
 
 This utility can be downloaded as a separate container, tar archive, or link:https://www.npmjs.com/package/cerbosctl[npm package]. It is automatically installed when installing Cerbos through xref:ROOT:installation/binary.adoc#linux-packages[Linux packages or the Homebrew tap].

diff --git a/docs/modules/cli/pages/index.adoc b/docs/modules/cli/pages/index.adoc
@@ -2,6 +2,9 @@ include::ROOT:partial$attributes.adoc[]
 
 = Cerbos CLI
 
+include::ROOT:partial$version-check.adoc[]
+
+
 Every link:{app-github-releases-page}[Cerbos release] ships with two binaries:
 
 xref:cerbos.adoc[`cerbos`]:: The Cerbos server (PDP) and the compiler/test runner

diff --git a/docs/modules/configuration/pages/audit.adoc b/docs/modules/configuration/pages/audit.adoc
@@ -2,6 +2,9 @@ include::ROOT:partial$attributes.adoc[]
 
 = Audit block
 
+include::ROOT:partial$version-check.adoc[]
+
+
 The `audit` block configures the audit logging settings for the Cerbos instance. Audit logs capture access records and decisions made by the engine along with the associated context data.
 
 Cerbos API responses include a `cerbosCallId` field that contains the unique identifier under which the request was logged to the audit log (if enabled) and the Cerbos activity log. It is recommended that applications log this ID as part of their activity logs too so that those log entries can be joined together with Cerbos logs during log analysis to build a complete picture of the authorization decisions.

diff --git a/docs/modules/configuration/pages/auxdata.adoc b/docs/modules/configuration/pages/auxdata.adoc
@@ -2,6 +2,9 @@ include::ROOT:partial$attributes.adoc[]
 
 = AuxData block
 
+include::ROOT:partial$version-check.adoc[]
+
+
 The `auxData` block configures the auxiliary data sources that can be referenced in policy conditions.
 
 

diff --git a/docs/modules/configuration/pages/engine.adoc b/docs/modules/configuration/pages/engine.adoc
@@ -2,6 +2,9 @@ include::ROOT:partial$attributes.adoc[]
 
 = Engine block
 
+include::ROOT:partial$version-check.adoc[]
+
+
 == Default policy version
 
 xref:policies:index.adoc[Cerbos policies] have a `version` field to support use cases such as having different policies for different environments (production, staging etc.) or for gradual rollout of a new version of an application. By default, when a request does not explicitly specify the policy version, the Cerbos engine attempts to find a matching policy that has its version set to `default`. You can change this fallback value by setting the `defaultPolicyVersion`. For example, if you have a Cerbos deployment for your staging environment, you may want to set `defaultPolicyVersion: staging` to ensure that the default policies in effect are the ones versioned as `staging`.

diff --git a/docs/modules/configuration/pages/index.adoc b/docs/modules/configuration/pages/index.adoc
@@ -3,6 +3,9 @@ include::ROOT:partial$attributes.adoc[]
 [[configuration]]
 = Configuration
 
+include::ROOT:partial$version-check.adoc[]
+
+
 The Cerbos server is configured with a YAML file, conventionally named `.cerbos.yaml`. Start the server by passing the configuration file using the `--config` flag. The values defined in the file can be overridden from the command-line by using the `--set` flag. The `--set` flag can be used multiple times. For example, to override `server.httpListenAddr` and `engine.defaultPolicyVersion`, the `--set` flag can be used as follows:
 
 [source,sh,subs="attributes"]

diff --git a/docs/modules/configuration/pages/observability.adoc b/docs/modules/configuration/pages/observability.adoc
@@ -2,6 +2,9 @@ include::ROOT:partial$attributes.adoc[]
 
 = Observability
 
+include::ROOT:partial$version-check.adoc[]
+
+
 Cerbos is designed from the ground up to be cloud native and has first-class support for observability via OpenTelemetry metrics and distributed traces.
 
 [#metrics]

diff --git a/docs/modules/configuration/pages/schema.adoc b/docs/modules/configuration/pages/schema.adoc
@@ -2,6 +2,9 @@ include::ROOT:partial$attributes.adoc[]
 
 = Schema Block
 
+include::ROOT:partial$version-check.adoc[]
+
+
 See xref:policies:schemas.adoc[] for more information about schemas.
 
 == Enforcement

diff --git a/docs/modules/configuration/pages/server.adoc b/docs/modules/configuration/pages/server.adoc
@@ -2,6 +2,9 @@ include::ROOT:partial$attributes.adoc[]
 
 = Server block
 
+include::ROOT:partial$version-check.adoc[]
+
+
 == Listen addresses
 
 By default the server will start an HTTP server on port `3592` and a gRPC server on `3593` that will listen on all available interfaces.

diff --git a/docs/modules/configuration/pages/storage.adoc b/docs/modules/configuration/pages/storage.adoc
@@ -2,6 +2,9 @@ include::ROOT:partial$attributes.adoc[]
 
 = Storage block
 
+include::ROOT:partial$version-check.adoc[]
+
+
 Cerbos supports multiple backends for storing policies. Which storage driver to use is defined by the `driver` setting.
 
 [id="disk-driver"]

diff --git a/docs/modules/configuration/pages/telemetry.adoc b/docs/modules/configuration/pages/telemetry.adoc
@@ -1,6 +1,9 @@
 include::ROOT:partial$attributes.adoc[]
 
 = Telemetry
+
+include::ROOT:partial$version-check.adoc[]
+
 :page-aliases: ROOT:telemetry.adoc
 
 Cerbos developers rely on anonymous usage data to help prioritise new features and improve the product. The information collected is completely anonymous, never shared with external entities, and you can opt out at any time.

diff --git a/docs/modules/configuration/pages/tracing.adoc b/docs/modules/configuration/pages/tracing.adoc
@@ -2,6 +2,9 @@ include::ROOT:partial$attributes.adoc[]
 
 = Tracing block
 
+include::ROOT:partial$version-check.adoc[]
+
+
 IMPORTANT: The `tracing` block was deprecated in Cerbos 0.32.0 and removed in Cerbos 0.33.0. Refer to xref:observability.adoc#traces[observability configuration] for information about configuring traces.
 
 [#migration]

diff --git a/docs/modules/deployment/pages/index.adoc b/docs/modules/deployment/pages/index.adoc
@@ -2,6 +2,9 @@ include::ROOT:partial$attributes.adoc[]
 
 = Cerbos deployment patterns
 
+include::ROOT:partial$version-check.adoc[]
+
+
 Cerbos can be deployed as a service or as a sidecar. Which mode to choose depends on your requirements.
 
 == Service model

diff --git a/docs/modules/deployment/pages/k8s-service.adoc b/docs/modules/deployment/pages/k8s-service.adoc
@@ -2,4 +2,7 @@ include::ROOT:partial$attributes.adoc[]
 
 = Deploy Cerbos as a service
 
+include::ROOT:partial$version-check.adoc[]
+
+
 You can use the xref:ROOT:installation/helm.adoc[Cerbos Helm chart] to deploy Cerbos as a service inside your Kubernetes cluster. Refer to the xref:ROOT:installation/helm.adoc[Helm chart instructions] for more details. 
diff --git a/docs/modules/deployment/pages/k8s-sidecar.adoc b/docs/modules/deployment/pages/k8s-sidecar.adoc
@@ -2,6 +2,9 @@ include::ROOT:partial$attributes.adoc[]
 
 = Deploy Cerbos as a sidecar
 
+include::ROOT:partial$version-check.adoc[]
+
+
 The sidecar deployment model might be a preferrable option under the following circumstances:
 
 * You have a self-contained application that does not need to share policies with other applications in your environment.

diff --git a/docs/modules/deployment/pages/serverless-faas.adoc b/docs/modules/deployment/pages/serverless-faas.adoc
@@ -2,6 +2,9 @@ include::ROOT:partial$attributes.adoc[]
 
 = Deploy Cerbos to Serverless/FaaS environments
 
+include::ROOT:partial$version-check.adoc[]
+
+
 == AWS Lambda
 
-You can deploy Cerbos to AWS Lambda by building a special container image that includes the Lambda runtime and the Cerbos binary. See https://github.com/cerbos/cerbos-aws-lambda for an example. The repository also contains an example of an AWS Lambda function that creates an AWS API Gateway endpoint to communicate with Cerbos over the HTTP protocol.
+You can deploy Cerbos to AWS Lambda by building a special container image that includes the Lambda runtime and the Cerbos binary. See https://github.com/cerbos/cerbos-aws-lambda for an example. The repository also contains an example of an AWS Lambda function that creates an AWS API Gateway endpoint to communicate with Cerbos over the HTTP protocol.
diff --git a/docs/modules/deployment/pages/systemd.adoc b/docs/modules/deployment/pages/systemd.adoc
@@ -2,6 +2,9 @@ include::ROOT:partial$attributes.adoc[]
 
 = Deploy Cerbos as a systemd service
 
+include::ROOT:partial$version-check.adoc[]
+
+
 The xref:ROOT:installation/binary.adoc#linux-packages[Cerbos Linux packages] will automatically create a systemd service during installation. If you are using the tarballs to create a custom installation, you can modify the following sample systemd service definition to match your requirements.